On Saturday, November 11, 2017 at 1:40:24 PM UTC, Stumpy wrote: > On 11.11.2017 13:43, David Hobach wrote: > > On 11/11/2017 12:52 AM, Stumpy wrote: > >> > >> > >> On 10.11.2017 17:45, David Hobach wrote: > >>> On 11/10/2017 05:41 PM, David Hobach wrote: > >>>> > >>>>> Your point about sys-net not working might very well be part of it > >>>>> as it seems to start sometimes and not others, though the firewall > >>>>> isn't starting 100% of the time. > >>>> > >>>> There's a few issues wrt the qubes firewall open on github. The > >>>> funny/bad thing about it being that if it doesn't start, it'll > >>>> default to "Allow all"... x_X > >>>> > >>>> That's present in 4.0rc2 at least. > >>> > >>> Correction: > >>> Just noticed that you were probably talking about the sys-firewall > >>> VM. > >>> I was talking about the qubes-firewall service running in > >>> sys-firewall. > >> > >> Well it seems that reinstalling didn't help. I tried w/o creating the > >> whonix or usb sys templates, i didn't try the "advanced" option as I > >> was not sure how to make templates and wasn't soooo motivated as to go > >> that path. I did try the qvm-start <template> route and wasn't able to > >> start any of them, even when sys-net was up. > >> A bit of a pity as I was looking forward to tinkering with it... and > >> "learning how to stop worrying and love" Qubes w/o a VM Manager, I > >> kinda liked the manager ;) > > > > Check the other threads on the topic (there were a couple about VMs > > not starting recently). > > > > Also try to set non-starting VMs to virt_mode = pv and try qvm-start > > again. That has some negative security implications (check Joannas > > thread on pv vs hvm virtualisation), but it might get them started at > > least. > > > > qvm-prefs sys-firewall virt_mode pv > > > > Thanks for the suggestions, while ultimately sec is important to me, for > this box I won't do anything important on it so this might be a > reasonable temp solution.
Did switching to PV instead of HVM work for you btw? It's good to know for others reading this thread in the future. - - - - - At any rate, regardless of PV or HVM, Qubes is still really secure compared to most (all?) personal based OS systems for daily life. The HVM is an improvement up from Qubes 3.2, but Qubes 3.2 was still reasonably secure in its own right, in this day and age, compared to the rest of the OS's out there. Like it seems you think too, it indeed won't be the end of the world not having it. It's my understanding that the move towards HVM is to remove the kind of difficult to pull off PV attacks, which at current state certainly cannot be automated in any kind of malware either (I assume). Maybe a sophisticated futuristic A.I. or very dedicated (team of?) hackers with the right resources, can pull it off? Maybe someone more experienced can confirm if PV attacks are indeed rare or difficult to pull off, or if any such attack can be made easy, standardized or automated. Don't get me wrong, I'm not suggesting its meaningless to move to HVM, it just does not seem like the end of the world right now not to have it (unless someone else proves me wrong). Attacks toward PV might become easier in the future too, and early prevention is great, rather than being reactive or proactive. HVM might currently be more relevant for high profile targeted people using Qubes, whom need security. Or the "speculative" unlucky lot whom are the victims of skilled hackers out there trying to figure out how to hack Qubes (it's speculative how many or if any are trying to find exploits in Qubes on live systems in the wild, but rational to assume by the logic of deduction to be at least some hackers out there trying to attack live Qubes systems, it's a big world). So it becomes a question of how many skilled hackers who found a way to attack PV whom seek a live Qubes system to practice/learn on, vs. how many users whom actually use Qubes, and thereby, the odds/risk that you are among the unlucky few to get an successful attack. Seemingly, they should currently be rare and unconfirmed. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/95925d74-8ed3-447b-b8cf-5f69901d5d5b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
